Protecting a software program against tampering
Abstract
In a general aspect, a method of protecting a software program against tampering can include: executing, by a processor of a user device, an executable code of the software program, the executable code comprising integrity check code sections; during execution of one of the integrity check code sections of the executable code, computing by the processor an integrity check result applied to a code segment of the executable code; transmitting by the processor to a server a message containing the integrity check result and an identifier of the code segment; and when the integrity check result does not correspond to a reference result for the code segment of a genuine version of the software program, receiving by the processor from the server a signal that prevents an operation of the software program from being executed by the processor.
Claims
exact text as granted — not AI-modifiedThe invention claimed is:
1. A method of protecting a software program against tampering, the method comprising:
dividing an executable code of the software program in code segments, each including an integrity check code section;
executing, by a processor of a user device, the executable code of the software program, wherein the execution of the integrity check code section of one of the code segments configures the processor to:
compute an integrity check result applied to a corresponding distinct code segment of the executable code; and
transmit to a server a message containing the integrity check result and an identifier of the corresponding code segment; and
in the server, comparing the integrity check result to a reference result assigned to the code segment identifier and, when the comparison fails, issuing to the user device a signal that prevents an operation of the software program from being executed by the processor.
2. The method of claim 1 , further comprising comparing, by the processor, the integrity check result with a reference result stored in the user device for the corresponding code segment, the message being transmitted to the server only when the integrity check result does not correspond to the reference result stored in the user device for the corresponding code segment.
3. The method of claim 2 , further comprising preventing, by the processor, an operation of the software program from being executed when the integrity check result does not correspond to the reference result stored for the corresponding code segment.
4. The method of claim 2 , wherein the reference result is received by the user device and inserted, by the processor, into the executable code when the executable code is executed by the processor at a first time.
5. The method of claim 2 , wherein the reference result is computed and inserted into the executable code when the executable code of the software program is generated.
6. The method of claim 1 , wherein the code segments are grouped together into sequences of code segments, each sequence comprising links between code segments, a root code segment and a last code segment, each link linking an originating code segment to a target code segment of the sequence, each link corresponding to an integrity check code section in the originating code segment of the link, which verifies integrity of the target code segment of the link.
7. The method of claim 1 , further comprising:
receiving, by the server from other user devices, messages containing an integrity check result associated with an identifier of a code segment of the software program and an identifier of the user device;
forming, by the server, result sets of integrity check results of instances of the software program, by grouping messages received from a same user device, each user device being considered as executing a single instance of the software program;
counting, by the server, occurrence numbers of identified different results sets among the result sets, each identified different result set corresponding to a respective version of the software program; and
deciding that one of the versions of the software program executed by a user device is genuine when the identified different result set corresponding to the version of the software program has an occurrence number exceeding a given threshold value after a given time from a first reception, by the server, of the identified different result set.
8. A device comprising a processor, a memory and communication circuits for connecting the processor to a remote server, the processor being configured to execute an executable code of a software program, the executable code comprising code segments, each including an integrity check code section,
the execution of the integrity check code section of one of the code segments by the processor configuring the processor to:
compute an integrity check result applied to a corresponding distinct code segment of the executable code;
transmit to a server a message containing the integrity check result and an identifier of the corresponding code segment; and
wherein the server is configured to compare the integrity check result to a reference result assigned to the code segment identifier and, when the comparison fails, issue to the device a signal that prevents an operation of the software program from being executed by the processor.
9. The device of claim 8 , wherein the device is further configured to compare, by the processor, the integrity check result with a reference result stored in the device for the corresponding code segment, the message being transmitted to the server only when the integrity check result does not correspond to the reference result stored in the device for the corresponding code segment.
10. The device of claim 9 , wherein the device is further configured to prevent, by the processor, an operation of the software program from being executed when the integrity check result does not correspond to the reference result stored for the code segment.
11. The device of claim 9 , wherein the reference result is received by the device and inserted, by the processor, into the executable code when the executable code is executed by the processor at a first time.
12. The device of claim 9 , wherein the reference result is computed and inserted into the executable code when the executable code of the software program is generated.
13. The device of claim 8 , wherein the code segments are grouped together into sequences of code segments, each sequence comprising links between code segments, a root code segment and a last code segment, each link linking an originating code segment to a target code segment of the sequence, each link corresponding to an integrity check code section in the originating code segment of the link, which verifies integrity of the target code segment of the link.
14. The device of claim 8 , further comprising a protected memory area configured to receive the message when the device is not connected to the server.
15. The device of claim 8 , further comprising a secure element configured to:
establish secure links with the processor and with the remote server;
receive and store the message from the processor; and
transmit the message to the server upon request thereof.
16. The device of claim 8 , further comprising a secure element configured to:
establish secure links with the processor and with the remote server;
receive and store the reference results of the software program from the server;
receive comparison requests from the processor;
subsequent to receiving a comparison request, compare an integrity check result of a code segment, received in the comparison request, with one of the reference results stored by the secure element and corresponding to the code segment, and transmit to the processor a comparison result of the comparison; or transmit to the processor the reference result requested in the comparison request;
generate and store a message containing the integrity check result; and
receive requests from the remote server, and subsequent to receiving a request from the remote server, transmit the message to the server.
17. A non-transitory computer-readable medium having a software program stored thereon, the software program, when executed by a computer, causes the computer to:
divide an executable code of the software program in code segments, each comprising an integrity check code sections;
during execution of the integrity check code sections of one of the executable code segments, compute an integrity check result applied to a corresponding distinct code segment of the executable code;
transmit, to a server, a message containing the integrity check result and an identifier of the corresponding code segment, wherein the server is configured to compare the integrity check result to a reference result assigned to the code segment identifier and, when the comparison fails, issue a signal; and
receive the signal from the server, the signal preventing an operation of the software program from being executed by the computer.
18. The non-transitory computer-readable medium of claim 17 , wherein the software program, when executed by the computer, further causes the computer to:
compare the integrity check result with a reference result stored in the computer for the corresponding code segment, the message being transmitted to the server only when the integrity check result does not correspond to the reference result stored in the computer for the corresponding code segment.
19. The non-transitory computer-readable medium of claim 18 , wherein the software program, when executed by the computer, further cause the computer to:
prevent an operation of the software program from being executed when the integrity check result does not correspond to the reference result stored for the code segment.
20. The non-transitory computer-readable medium of claim 18 , wherein the reference result is received by the computer and inserted into the executable code when the executable code is executed by the computer a first time.
21. The non-transitory computer-readable medium of claim 18 , wherein the reference result is computed and inserted into the executable code when the executable code of the software program is generated.
22. The non-transitory computer-readable medium of claim 17 , wherein the code segments are grouped together into sequences of code segments, each sequence comprising links between code segments, a root code segment and a last code segment, each link linking an originating code segment to a target code segment of the sequence, each link corresponding to an integrity check code section in the originating code segment of the link, which verifies integrity of the target code segment of the link.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.